
CVE-2022-40871: n/a in n/a

Critical
Published: Wed Oct 12 2022 (10/12/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 10:28:08 UTC

Technical Analysis

CVE-2022-40871 is a critical security vulnerability affecting Dolibarr ERP & CRM versions up to and including 15.0.3. The vulnerability is an Eval Injection (CWE-94), which allows an attacker with administrator privileges to inject and execute arbitrary code within the application. The issue arises because, by default, any administrator can be added via the installation page of Dolibarr. Once an attacker successfully adds an administrator account, they can insert malicious code into the database. This code is then executed through the use of the PHP eval() function, which evaluates a string as PHP code. Eval injection vulnerabilities are particularly dangerous because they allow remote code execution (RCE), potentially leading to full system compromise. The CVSS v3.1 base score is 9.8, indicating a critical severity with network attack vector, low attack complexity, no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability. Although no known exploits in the wild have been reported, the vulnerability's nature and ease of exploitation make it a significant threat. The lack of patch links suggests that users must rely on vendor updates or mitigations once available. This vulnerability affects the core Dolibarr ERP & CRM system, widely used for enterprise resource planning and customer relationship management, which often contains sensitive business data and operational workflows.

Potential Impact

For European organizations using Dolibarr ERP & CRM, this vulnerability poses a severe risk. Successful exploitation can lead to unauthorized full system control, data theft, data manipulation, and disruption of business operations. Given that Dolibarr is used to manage critical business functions such as finance, inventory, and customer data, a compromise could result in significant financial losses, reputational damage, and regulatory non-compliance, especially under GDPR requirements for data protection. The ability to execute arbitrary code remotely without authentication or user interaction increases the likelihood of automated attacks and widespread exploitation. Additionally, attackers could use compromised systems as pivot points for lateral movement within corporate networks, further escalating the impact. The absence of known exploits does not diminish the risk, as the vulnerability's characteristics make it a prime target for attackers once exploit code becomes publicly available.

Mitigation Recommendations

European organizations should immediately verify if they are running Dolibarr ERP & CRM version 15.0.3 or earlier. Until an official patch is released, organizations should restrict access to the Dolibarr installation page to trusted administrators only, ideally via network segmentation, VPNs, or IP whitelisting. Implement strict access controls and multi-factor authentication for administrative accounts to reduce the risk of unauthorized additions. Regularly audit user accounts and remove any suspicious or unauthorized administrator accounts. Monitor logs for unusual activity related to administrator creation or code execution. Disable or restrict the use of PHP eval() functions if possible, or apply application-level input validation and sanitization to prevent injection of malicious code. Organizations should stay alert for vendor patches or updates addressing this vulnerability and apply them promptly. Additionally, deploying web application firewalls (WAFs) with rules targeting eval injection patterns can provide temporary protection. Conducting penetration testing focused on this vulnerability can help identify exposure and validate mitigations.
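The recommendation above to monitor logs for installer access and administrator creation can be turned into a small log check. The following Python script is an added example, not part of the CVE record and not Dolibarr's own code: it parses web-server access-log lines in the common "combined" layout and flags requests to the installer path and POSTs to an account-creation endpoint, rating each finding by whether the source address is in a trusted network. The installer prefix `/install/`, the endpoint `/user/card.php`, the trusted network `10.0.0.0/8`, and every log line are assumptions constructed for illustration and should be replaced with the deployment's real paths and address ranges.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Apache/nginx "combined" access-log layout; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# Assumptions (not taken from the CVE record): the installer is served under
# /install/ and user accounts are created by a POST to /user/card.php.
INSTALL_PREFIX = "/install/"
ADMIN_CREATE_PATHS = ("/user/card.php",)
# Constructed allow-list of networks from which administration is expected.
TRUSTED_NETS = (ip_network("10.0.0.0/8"),)


@dataclass
class Finding:
    severity: str
    ip: str
    ts: str
    method: str
    path: str
    status: int
    reason: str


def parse_line(line: str):
    """Return the captured fields as a dict, or None for a line we cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip: str, trusted=TRUSTED_NETS) -> bool:
    """True if the address parses and lies inside one of the trusted networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def classify(rec: dict, trusted=TRUSTED_NETS):
    """Map one parsed request to a Finding, or None if it is not of interest."""
    path = rec["path"].split("?", 1)[0]   # drop the query string before matching
    src_trusted = is_trusted(rec["ip"], trusted)
    if path.startswith(INSTALL_PREFIX):
        # Any installer hit after deployment is worth knowing about; an untrusted
        # source is the case the mitigation section warns about.
        if src_trusted:
            severity, reason = "INFO", "installer page still reachable (trusted source)"
        else:
            severity, reason = "HIGH", "installer page requested from untrusted source"
    elif rec["method"] == "POST" and path in ADMIN_CREATE_PATHS:
        severity = "MEDIUM" if src_trusted else "HIGH"
        reason = "account-creation POST; verify the new user was authorised"
    else:
        return None
    return Finding(severity, rec["ip"], rec["ts"], rec["method"],
                   rec["path"], rec["status"], reason)


def scan(lines, trusted=TRUSTED_NETS):
    """Run classify() over an iterable of raw log lines, skipping unparsable ones."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = classify(rec, trusted)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample log (RFC 5737 documentation addresses); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2022:10:01:02 +0000] "GET /install/index.php HTTP/1.1" 200 5123',
    '203.0.113.7 - - [12/Oct/2022:10:01:09 +0000] "POST /install/index.php HTTP/1.1" 200 812',
    '10.0.0.5 - - [12/Oct/2022:10:02:41 +0000] "GET /install/index.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [12/Oct/2022:10:03:15 +0000] "POST /user/card.php?action=add HTTP/1.1" 302 0',
    '10.0.0.5 - - [12/Oct/2022:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 4410',
    'garbage line that does not match the log format',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} {f.ip} {f.method} {f.path} -> {f.status}: {f.reason}")
```

On the sample input the script reports three HIGH findings (two installer requests and one account-creation POST from outside the trusted range) and one INFO finding for the installer request that was already denied with a 403 from a trusted address; the ordinary page view and the malformed line produce nothing. A 403 on the installer path is still reported because the mitigation's goal is for the installer to be unreachable, so even refused requests show whether the restriction is in place.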


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-09-19T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec5e8

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 10:28:08 AM

Last updated: 8/12/2025, 4:19:34 PM


